In ECS 8.2.0 multiple syslog fields (such as log.syslog.version and log.syslog.structured_data) have been introduced (https://github.com/elastic/ecs/pull/1793).
The current SYSLOG5424BASE pattern stores some of the syslog fileds in the system field. This field is not defined in the ECS standard.
This PR changes 2 fields of the SYSLOG5242BASE pattern, to use the newly defined fields of the ECS 8.2 definition.
The other fields of the SYSLOG5242BASE have been left unchanged, because changing host.hostname to log.syslog.hostname) would introduce a breaking change. I can image many pipelines rely on the host.hostname field.
In ECS 8.2.0 multiple syslog fields (such as
log.syslog.versionandlog.syslog.structured_data) have been introduced (https://github.com/elastic/ecs/pull/1793).The current
SYSLOG5424BASEpattern stores some of the syslog fileds in thesystemfield. This field is not defined in the ECS standard.This PR changes 2 fields of the SYSLOG5242BASE pattern, to use the newly defined fields of the ECS 8.2 definition.
system.syslog.version->log.syslog.versionsystem.syslog.structured_data->log.syslog.structured_dataThe other fields of the
SYSLOG5242BASEhave been left unchanged, because changinghost.hostnametolog.syslog.hostname) would introduce a breaking change. I can image many pipelines rely on thehost.hostnamefield.